Severity
High
Description
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Suggestion
Packages should not run non-essential scripts during install. Many of the problems people solve with install scripts have solutions that can be run at publish time instead.
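As an added example (not code from this page or from any package listed on it), the check below flags manifests that would run code at install time, including the implicit `node-gyp rebuild` that npm uses when a `binding.gyp` sits at the package root and no install or preinstall script is defined. The function names and the sample packages are constructed for illustration.

```javascript
// Lifecycle hooks that npm runs automatically when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// manifest: a parsed package.json object.
// rootFiles: file names at the package root (needed for the implicit case).
function findInstallScripts(manifest, rootFiles = []) {
  const scripts =
    manifest && typeof manifest.scripts === "object" && manifest.scripts !== null
      ? manifest.scripts
      : {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command === "string" && command.trim() !== "") {
      findings.push({ hook, command, implicit: false });
    }
  }
  // With binding.gyp at the root and no install/preinstall script of its own,
  // npm defaults the install command to "node-gyp rebuild".
  if (rootFiles.includes("binding.gyp") && !scripts.install && !scripts.preinstall) {
    findings.push({ hook: "install", command: "node-gyp rebuild", implicit: true });
  }
  return findings;
}

// Constructed sample packages (names and commands are made up for this example).
const SAMPLES = [
  { manifest: { name: "example-plain", scripts: { test: "jest", build: "tsc" } }, rootFiles: ["index.js"] },
  { manifest: { name: "example-postinstall", scripts: { postinstall: "node setup.js" } }, rootFiles: ["setup.js"] },
  { manifest: { name: "example-native", scripts: { test: "node test.js" } }, rootFiles: ["binding.gyp", "index.js"] },
  { manifest: { name: "example-no-scripts" }, rootFiles: [] },
];

// Returns one report entry per package that would execute code at install time.
function auditPackages(packages) {
  return packages
    .map(({ manifest, rootFiles }) => ({
      name: manifest.name,
      findings: findInstallScripts(manifest, rootFiles),
    }))
    .filter((entry) => entry.findings.length > 0);
}

for (const { name, findings } of auditPackages(SAMPLES)) {
  for (const f of findings) {
    console.log(`${name}: ${f.hook} -> ${f.command}${f.implicit ? " (implicit)" : ""}`);
  }
}
```

Installing with `npm install --ignore-scripts` skips these hooks, which is a useful way to inspect a flagged package before letting its scripts run.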
Packages with this alert
Mock-User-Auth is a mock user authentication API developed in Nodejs and Express using JWT as authenticator
Inspired by mod_cloudflare.c, this ExpressJS middleware will replace the IP variable with the correct remote IP sent from CloudFlare.
modern-ahocorasick
> All-in-one development toolkit for creating node modules with Jest, Prettier, ESLint, and Standard
Phaser 3 TypeScript utilities.